Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-6485

Опубликовано: 10 окт. 2017
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

Отчет

This issue affects the versions of glibc and compat-glibc as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5compat-glibcWill not fix
Red Hat Enterprise Linux 5glibcWill not fix
Red Hat Enterprise Linux 6compat-glibcWill not fix
Red Hat Enterprise Linux 6glibcWill not fix
Red Hat Enterprise Linux 7compat-glibcWill not fix
Red Hat Enterprise Linux 8glibcNot affected
Red Hat Enterprise Linux 7glibcFixedRHSA-2018:309230.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1542102glibc: Integer overflow in posix_memalign in memalign functions

EPSS

Процентиль: 79%
0.01237
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-6485

CVSS3: 9.8
ubuntu
почти 8 лет назад

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

nvd логотип

CVE-2018-6485

CVSS3: 9.8
nvd
почти 8 лет назад

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

debian логотип

CVE-2018-6485

CVSS3: 9.8
debian
почти 8 лет назад

An integer overflow in the implementation of the posix_memalign in mem ...

github логотип

GHSA-m775-r988-g6m4

CVSS3: 9.8
github
больше 3 лет назад

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

fstec логотип

BDU:2018-00365

CVSS3: 9.8
fstec
около 8 лет назад

Уязвимость функции memalign библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 79%
0.01237
Низкий

5.3 Medium

CVSS3

Уязвимость CVE-2018-6485